From b7e3f5bc687bc70747b246a1a35095a1f0463fbe Mon Sep 17 00:00:00 2001 From: Addison Beck Date: Tue, 2 Jul 2024 10:53:06 -0400 Subject: [PATCH] Restructure the `org-permissions` guard to be Angular 17+ compliant (#9631) * Document the `org-permissions` guard in code * Restructure the `org-permissions` guard to be Angular 17+ compliant * Update the `org-permissions` guard to use `ToastService` * Simplify callback function sigantures * Remove unused test object * Fix updated route from merge --- .../guards/org-permissions.guard.spec.ts | 68 +++++++------- .../guards/org-permissions.guard.ts | 90 ++++++++++++------- .../members/members-routing.module.ts | 5 +- .../organization-routing.module.ts | 10 +-- .../organization-reporting-routing.module.ts | 10 +-- .../organization-settings-routing.module.ts | 14 ++- .../organization-billing-routing.module.ts | 18 ++-- .../vault/org-vault/vault-routing.module.ts | 6 +- .../organizations-routing.module.ts | 22 ++--- .../settings/settings-routing.module.ts | 9 +- 10 files changed, 129 insertions(+), 123 deletions(-) diff --git a/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts b/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts index 570c35d5f8..72e68febe2 100644 --- a/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts +++ b/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts @@ -1,3 +1,4 @@ +import { TestBed } from "@angular/core/testing"; import { ActivatedRouteSnapshot, convertToParamMap, @@ -10,10 +11,10 @@ import { OrganizationService } from "@bitwarden/common/admin-console/abstraction import { OrganizationUserType } from "@bitwarden/common/admin-console/enums"; import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; -import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction"; +import { ToastService } from "@bitwarden/components"; -import { OrganizationPermissionsGuard } from "./org-permissions.guard"; +import { organizationPermissionsGuard } from "./org-permissions.guard"; const orgFactory = (props: Partial = {}) => Object.assign( @@ -32,8 +33,6 @@ describe("Organization Permissions Guard", () => { let state: MockProxy; let route: MockProxy; - let organizationPermissionsGuard: OrganizationPermissionsGuard; - beforeEach(() => { router = mock(); organizationService = mock(); @@ -42,24 +41,25 @@ describe("Organization Permissions Guard", () => { params: { organizationId: orgFactory().id, }, - data: { - organizationPermissions: null, - }, }); - organizationPermissionsGuard = new OrganizationPermissionsGuard( - router, - organizationService, - mock(), - mock(), - mock(), - ); + TestBed.configureTestingModule({ + providers: [ + { provide: Router, useValue: router }, + { provide: OrganizationService, useValue: organizationService }, + { provide: ToastService, useValue: mock() }, + { provide: I18nService, useValue: mock() }, + { provide: SyncService, useValue: mock() }, + ], + }); }); it("blocks navigation if organization does not exist", async () => { organizationService.get.mockReturnValue(null); - const actual = await organizationPermissionsGuard.canActivate(route, state); + const actual = await TestBed.runInInjectionContext( + async () => await organizationPermissionsGuard()(route, state), + ); expect(actual).not.toBe(true); }); @@ -68,22 +68,22 @@ describe("Organization Permissions Guard", () => { const org = orgFactory(); organizationService.get.calledWith(org.id).mockResolvedValue(org); - const actual = await organizationPermissionsGuard.canActivate(route, state); + const actual = await TestBed.runInInjectionContext(async () => + organizationPermissionsGuard()(route, state), + ); expect(actual).toBe(true); }); it("permits navigation if the user has permissions", async () => { const permissionsCallback = jest.fn(); - permissionsCallback.mockImplementation((org) => true); - route.data = { - organizationPermissions: permissionsCallback, - }; - + permissionsCallback.mockImplementation((_org) => true); const org = orgFactory(); organizationService.get.calledWith(org.id).mockResolvedValue(org); - const actual = await organizationPermissionsGuard.canActivate(route, state); + const actual = await TestBed.runInInjectionContext( + async () => await organizationPermissionsGuard(permissionsCallback)(route, state), + ); expect(permissionsCallback).toHaveBeenCalled(); expect(actual).toBe(true); @@ -92,10 +92,7 @@ describe("Organization Permissions Guard", () => { describe("if the user does not have permissions", () => { it("and there is no Item ID, block navigation", async () => { const permissionsCallback = jest.fn(); - permissionsCallback.mockImplementation((org) => false); - route.data = { - organizationPermissions: permissionsCallback, - }; + permissionsCallback.mockImplementation((_org) => false); state = mock({ root: mock({ @@ -106,16 +103,15 @@ describe("Organization Permissions Guard", () => { const org = orgFactory(); organizationService.get.calledWith(org.id).mockResolvedValue(org); - const actual = await organizationPermissionsGuard.canActivate(route, state); + const actual = await TestBed.runInInjectionContext( + async () => await organizationPermissionsGuard(permissionsCallback)(route, state), + ); expect(permissionsCallback).toHaveBeenCalled(); expect(actual).not.toBe(true); }); it("and there is an Item ID, redirect to the item in the individual vault", async () => { - route.data = { - organizationPermissions: (org: Organization) => false, - }; state = mock({ root: mock({ queryParamMap: convertToParamMap({ @@ -126,7 +122,9 @@ describe("Organization Permissions Guard", () => { const org = orgFactory(); organizationService.get.calledWith(org.id).mockResolvedValue(org); - const actual = await organizationPermissionsGuard.canActivate(route, state); + const actual = await TestBed.runInInjectionContext( + async () => await organizationPermissionsGuard((_org: Organization) => false)(route, state), + ); expect(router.createUrlTree).toHaveBeenCalledWith(["/vault"], { queryParams: { itemId: "myItemId" }, @@ -143,7 +141,9 @@ describe("Organization Permissions Guard", () => { }); organizationService.get.calledWith(org.id).mockResolvedValue(org); - const actual = await organizationPermissionsGuard.canActivate(route, state); + const actual = await TestBed.runInInjectionContext( + async () => await organizationPermissionsGuard()(route, state), + ); expect(actual).not.toBe(true); }); @@ -155,7 +155,9 @@ describe("Organization Permissions Guard", () => { }); organizationService.get.calledWith(org.id).mockResolvedValue(org); - const actual = await organizationPermissionsGuard.canActivate(route, state); + const actual = await TestBed.runInInjectionContext( + async () => await organizationPermissionsGuard()(route, state), + ); expect(actual).toBe(true); }); diff --git a/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts b/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts index 63b89284ec..ded9e2b328 100644 --- a/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts +++ b/apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts @@ -1,5 +1,10 @@ -import { Injectable } from "@angular/core"; -import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from "@angular/router"; +import { inject } from "@angular/core"; +import { + ActivatedRouteSnapshot, + CanActivateFn, + Router, + RouterStateSnapshot, +} from "@angular/router"; import { canAccessOrgAdmin, @@ -7,43 +12,58 @@ import { } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; -import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction"; +import { ToastService } from "@bitwarden/components"; -@Injectable({ - providedIn: "root", -}) -export class OrganizationPermissionsGuard implements CanActivate { - constructor( - private router: Router, - private organizationService: OrganizationService, - private platformUtilsService: PlatformUtilsService, - private i18nService: I18nService, - private syncService: SyncService, - ) {} +/** + * `CanActivateFn` that asserts the logged in user has permission to access + * the page being navigated to. Two high-level checks are performed: + * + * 1. If the user is not a member of the organization in the URL parameters, they + * are redirected to the home screen. + * 2. If the organization in the URL parameters is disabled and the user is not + * an admin, they are redirected to the home screen. + * + * In addition to these high level checks the guard accepts a callback + * function as an argument that will be called to check for more granular + * permissions. Based on the return from callback one of the following + * will happen: + * + * 1. If the logged in user does not have the required permissions they are + * redirected to `/organizations/{id}` or `/` based on admin console access + * permissions. + * 2. If the logged in user does have the required permissions navigation + * proceeds as expected. + */ +export function organizationPermissionsGuard( + permissionsCallback?: (organization: Organization) => boolean, +): CanActivateFn { + return async (route: ActivatedRouteSnapshot, state: RouterStateSnapshot) => { + const router = inject(Router); + const organizationService = inject(OrganizationService); + const toastService = inject(ToastService); + const i18nService = inject(I18nService); + const syncService = inject(SyncService); - async canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot) { - // TODO: We need to fix this issue once and for all. - if ((await this.syncService.getLastSync()) == null) { - await this.syncService.fullSync(false); + // TODO: We need to fix issue once and for all. + if ((await syncService.getLastSync()) == null) { + await syncService.fullSync(false); } - const org = await this.organizationService.get(route.params.organizationId); + const org = await organizationService.get(route.params.organizationId); if (org == null) { - return this.router.createUrlTree(["/"]); + return router.createUrlTree(["/"]); } if (!org.isOwner && !org.enabled) { - this.platformUtilsService.showToast( - "error", - null, - this.i18nService.t("organizationIsDisabled"), - ); - return this.router.createUrlTree(["/"]); + toastService.showToast({ + variant: "error", + title: null, + message: i18nService.t("organizationIsDisabled"), + }); + return router.createUrlTree(["/"]); } - const permissionsCallback: (organization: Organization) => boolean = - route.data?.organizationPermissions; const hasPermissions = permissionsCallback == null || permissionsCallback(org); if (!hasPermissions) { @@ -52,19 +72,23 @@ export class OrganizationPermissionsGuard implements CanActivate { const cipherId = state.root.queryParamMap.get("itemId") || state.root.queryParamMap.get("cipherId"); if (cipherId) { - return this.router.createUrlTree(["/vault"], { + return router.createUrlTree(["/vault"], { queryParams: { itemId: cipherId, }, }); } - this.platformUtilsService.showToast("error", null, this.i18nService.t("accessDenied")); + toastService.showToast({ + variant: "error", + title: null, + message: i18nService.t("accessDenied"), + }); return canAccessOrgAdmin(org) - ? this.router.createUrlTree(["/organizations", org.id]) - : this.router.createUrlTree(["/"]); + ? router.createUrlTree(["/organizations", org.id]) + : router.createUrlTree(["/"]); } return true; - } + }; } diff --git a/apps/web/src/app/admin-console/organizations/members/members-routing.module.ts b/apps/web/src/app/admin-console/organizations/members/members-routing.module.ts index d722ad6c0f..5220ea1ef3 100644 --- a/apps/web/src/app/admin-console/organizations/members/members-routing.module.ts +++ b/apps/web/src/app/admin-console/organizations/members/members-routing.module.ts @@ -3,7 +3,7 @@ import { RouterModule, Routes } from "@angular/router"; import { canAccessMembersTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; -import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard"; +import { organizationPermissionsGuard } from "../guards/org-permissions.guard"; import { MembersComponent } from "./members.component"; @@ -11,10 +11,9 @@ const routes: Routes = [ { path: "", component: MembersComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard(canAccessMembersTab)], data: { titleId: "members", - organizationPermissions: canAccessMembersTab, }, }, ]; diff --git a/apps/web/src/app/admin-console/organizations/organization-routing.module.ts b/apps/web/src/app/admin-console/organizations/organization-routing.module.ts index 518a3db5b1..2959601c10 100644 --- a/apps/web/src/app/admin-console/organizations/organization-routing.module.ts +++ b/apps/web/src/app/admin-console/organizations/organization-routing.module.ts @@ -12,7 +12,7 @@ import { } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; -import { OrganizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard"; +import { organizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard"; import { organizationRedirectGuard } from "../../admin-console/organizations/guards/org-redirect.guard"; import { OrganizationLayoutComponent } from "../../admin-console/organizations/layouts/organization-layout.component"; import { GroupsComponent } from "../../admin-console/organizations/manage/groups.component"; @@ -23,10 +23,7 @@ const routes: Routes = [ { path: ":organizationId", component: OrganizationLayoutComponent, - canActivate: [deepLinkGuard(), AuthGuard, OrganizationPermissionsGuard], - data: { - organizationPermissions: canAccessOrgAdmin, - }, + canActivate: [deepLinkGuard(), AuthGuard, organizationPermissionsGuard(canAccessOrgAdmin)], children: [ { path: "", @@ -52,10 +49,9 @@ const routes: Routes = [ { path: "groups", component: GroupsComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard(canAccessGroupsTab)], data: { titleId: "groups", - organizationPermissions: canAccessGroupsTab, }, }, { diff --git a/apps/web/src/app/admin-console/organizations/reporting/organization-reporting-routing.module.ts b/apps/web/src/app/admin-console/organizations/reporting/organization-reporting-routing.module.ts index 6f63e34531..81837cb8a0 100644 --- a/apps/web/src/app/admin-console/organizations/reporting/organization-reporting-routing.module.ts +++ b/apps/web/src/app/admin-console/organizations/reporting/organization-reporting-routing.module.ts @@ -10,7 +10,7 @@ import { ReusedPasswordsReportComponent } from "../../../admin-console/organizat import { UnsecuredWebsitesReportComponent } from "../../../admin-console/organizations/tools/unsecured-websites-report.component"; import { WeakPasswordsReportComponent } from "../../../admin-console/organizations/tools/weak-passwords-report.component"; import { isPaidOrgGuard } from "../guards/is-paid-org.guard"; -import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard"; +import { organizationPermissionsGuard } from "../guards/org-permissions.guard"; import { organizationRedirectGuard } from "../guards/org-redirect.guard"; import { EventsComponent } from "../manage/events.component"; @@ -19,8 +19,7 @@ import { ReportsHomeComponent } from "./reports-home.component"; const routes: Routes = [ { path: "", - canActivate: [OrganizationPermissionsGuard], - data: { organizationPermissions: canAccessReportingTab }, + canActivate: [organizationPermissionsGuard(canAccessReportingTab)], children: [ { path: "", @@ -31,7 +30,7 @@ const routes: Routes = [ { path: "reports", component: ReportsHomeComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard()], data: { titleId: "reports", }, @@ -81,10 +80,9 @@ const routes: Routes = [ { path: "events", component: EventsComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.canAccessEventLogs)], data: { titleId: "eventLogs", - organizationPermissions: (org: Organization) => org.canAccessEventLogs, }, }, ], diff --git a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts index 31e2140497..d18f5125fd 100644 --- a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts +++ b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts @@ -4,7 +4,7 @@ import { RouterModule, Routes } from "@angular/router"; import { canAccessSettingsTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; -import { OrganizationPermissionsGuard } from "../../organizations/guards/org-permissions.guard"; +import { organizationPermissionsGuard } from "../../organizations/guards/org-permissions.guard"; import { organizationRedirectGuard } from "../../organizations/guards/org-redirect.guard"; import { PoliciesComponent } from "../../organizations/policies"; @@ -14,8 +14,7 @@ import { TwoFactorSetupComponent } from "./two-factor-setup.component"; const routes: Routes = [ { path: "", - canActivate: [OrganizationPermissionsGuard], - data: { organizationPermissions: canAccessSettingsTab }, + canActivate: [organizationPermissionsGuard(canAccessSettingsTab)], children: [ { path: "", @@ -32,9 +31,8 @@ const routes: Routes = [ { path: "policies", component: PoliciesComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.canManagePolicies)], data: { - organizationPermissions: (org: Organization) => org.canManagePolicies, titleId: "policies", }, }, @@ -45,10 +43,9 @@ const routes: Routes = [ path: "import", loadComponent: () => import("./org-import.component").then((mod) => mod.OrgImportComponent), - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.canAccessImportExport)], data: { titleId: "importData", - organizationPermissions: (org: Organization) => org.canAccessImportExport, }, }, { @@ -57,10 +54,9 @@ const routes: Routes = [ import("../tools/vault-export/org-vault-export.component").then( (mod) => mod.OrganizationVaultExportComponent, ), - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.canAccessImportExport)], data: { titleId: "exportVault", - organizationPermissions: (org: Organization) => org.canAccessImportExport, }, }, ], diff --git a/apps/web/src/app/billing/organizations/organization-billing-routing.module.ts b/apps/web/src/app/billing/organizations/organization-billing-routing.module.ts index 4af0662875..970b40a54b 100644 --- a/apps/web/src/app/billing/organizations/organization-billing-routing.module.ts +++ b/apps/web/src/app/billing/organizations/organization-billing-routing.module.ts @@ -2,9 +2,8 @@ import { NgModule } from "@angular/core"; import { RouterModule, Routes } from "@angular/router"; import { canAccessBillingTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; -import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; -import { OrganizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard"; +import { organizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard"; import { organizationIsUnmanaged } from "../../billing/guards/organization-is-unmanaged.guard"; import { WebPlatformUtilsService } from "../../core/web-platform-utils.service"; import { PaymentMethodComponent } from "../shared"; @@ -16,8 +15,7 @@ import { OrganizationSubscriptionSelfhostComponent } from "./organization-subscr const routes: Routes = [ { path: "", - canActivate: [OrganizationPermissionsGuard], - data: { organizationPermissions: canAccessBillingTab }, + canActivate: [organizationPermissionsGuard(canAccessBillingTab)], children: [ { path: "", pathMatch: "full", redirectTo: "subscription" }, { @@ -30,19 +28,23 @@ const routes: Routes = [ { path: "payment-method", component: PaymentMethodComponent, - canActivate: [OrganizationPermissionsGuard, organizationIsUnmanaged], + canActivate: [ + organizationPermissionsGuard((org) => org.canEditPaymentMethods), + organizationIsUnmanaged, + ], data: { titleId: "paymentMethod", - organizationPermissions: (org: Organization) => org.canEditPaymentMethods, }, }, { path: "history", component: OrgBillingHistoryViewComponent, - canActivate: [OrganizationPermissionsGuard, organizationIsUnmanaged], + canActivate: [ + organizationPermissionsGuard((org) => org.canViewBillingHistory), + organizationIsUnmanaged, + ], data: { titleId: "billingHistory", - organizationPermissions: (org: Organization) => org.canViewBillingHistory, }, }, ], diff --git a/apps/web/src/app/vault/org-vault/vault-routing.module.ts b/apps/web/src/app/vault/org-vault/vault-routing.module.ts index e6e67fdae6..4c2ed048bd 100644 --- a/apps/web/src/app/vault/org-vault/vault-routing.module.ts +++ b/apps/web/src/app/vault/org-vault/vault-routing.module.ts @@ -3,15 +3,15 @@ import { RouterModule, Routes } from "@angular/router"; import { canAccessVaultTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; -import { OrganizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard"; +import { organizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard"; import { VaultComponent } from "./vault.component"; const routes: Routes = [ { path: "", component: VaultComponent, - canActivate: [OrganizationPermissionsGuard], - data: { titleId: "vaults", organizationPermissions: canAccessVaultTab }, + canActivate: [organizationPermissionsGuard(canAccessVaultTab)], + data: { titleId: "vaults" }, }, ]; @NgModule({ diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts index ce97f54374..acb4fb6ecd 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts @@ -3,8 +3,7 @@ import { RouterModule, Routes } from "@angular/router"; import { AuthGuard } from "@bitwarden/angular/auth/guards"; import { canAccessSettingsTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; -import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; -import { OrganizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard"; +import { organizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard"; import { OrganizationLayoutComponent } from "@bitwarden/web-vault/app/admin-console/organizations/layouts/organization-layout.component"; import { SsoComponent } from "../../auth/sso/sso.component"; @@ -16,40 +15,34 @@ const routes: Routes = [ { path: "organizations/:organizationId", component: OrganizationLayoutComponent, - canActivate: [AuthGuard, OrganizationPermissionsGuard], + canActivate: [AuthGuard, organizationPermissionsGuard()], children: [ { path: "settings", - canActivate: [OrganizationPermissionsGuard], - data: { - organizationPermissions: canAccessSettingsTab, - }, + canActivate: [organizationPermissionsGuard(canAccessSettingsTab)], children: [ { path: "domain-verification", component: DomainVerificationComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.canManageDomainVerification)], data: { titleId: "domainVerification", - organizationPermissions: (org: Organization) => org.canManageDomainVerification, }, }, { path: "sso", component: SsoComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.canManageSso)], data: { titleId: "singleSignOn", - organizationPermissions: (org: Organization) => org.canManageSso, }, }, { path: "scim", component: ScimComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.canManageScim)], data: { titleId: "scim", - organizationPermissions: (org: Organization) => org.canManageScim, }, }, { @@ -58,9 +51,8 @@ const routes: Routes = [ import("./manage/device-approvals/device-approvals.component").then( (mod) => mod.DeviceApprovalsComponent, ), - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.canManageDeviceApprovals)], data: { - organizationPermissions: (org: Organization) => org.canManageDeviceApprovals, titleId: "deviceApprovals", }, }, diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/settings/settings-routing.module.ts b/bitwarden_license/bit-web/src/app/secrets-manager/settings/settings-routing.module.ts index 0b10ec8752..ddc9964060 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/settings/settings-routing.module.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/settings/settings-routing.module.ts @@ -1,8 +1,7 @@ import { NgModule } from "@angular/core"; import { RouterModule, Routes } from "@angular/router"; -import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; -import { OrganizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard"; +import { organizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard"; import { SecretsManagerExportComponent } from "./porting/sm-export.component"; import { SecretsManagerImportComponent } from "./porting/sm-import.component"; @@ -11,19 +10,17 @@ const routes: Routes = [ { path: "import", component: SecretsManagerImportComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.isAdmin)], data: { titleId: "importData", - organizationPermissions: (org: Organization) => org.isAdmin, }, }, { path: "export", component: SecretsManagerExportComponent, - canActivate: [OrganizationPermissionsGuard], + canActivate: [organizationPermissionsGuard((org) => org.isAdmin)], data: { titleId: "exportData", - organizationPermissions: (org: Organization) => org.isAdmin, }, }, ];